When updates are available and the user selects Shut Down from the Windows start menu, a dialog appears with a menu for Shutdown, Log Off etc.

One option which appears is

"Install Updates And Shut Down"

The question is, what exactly happens when the user presses OK?

Is the task showing the dialog Explorer? (It seems impossible to tell by spying with Process Monitor, because the desktop is frozen.)

I assume (but am not sure) this is Explorer, and when the user presses OK it calls ExitWindowsEx.

If so, the question is what is different when the user selects "Install Updates And Shut Down": would it send special flags to ExitWindowsEx, or perhaps call another API, and would there be any way to spy on this functionality?

A: 

When the user clicks "OK", it logs out every connected user, then it installs all pending updates. The update installation process does not execute in Explorer. I think it executes under Winlogon, maybe through a Winlogon notification package. I don't know which system call would trigger this behaviour automatically...

However, you can have a look at the Windows Update Agent API, which should allow you to control automatic updates programmatically.

Adrien Plisson
I have attached WinDbg to Explorer.exe with bp user32!ExitWindowsEx and can see the arguments passed in the cx and dx registers. I have tested from the start menu with a standard shutdown and also with an 'Install Updates And Shutdown', and in each case the argument passed is 9 for the flags (Shutdown + Poweroff); there seems to be no difference whatsoever in the ExitWindowsEx call. Disassembling Explorer.exe (with IDA Pro) shows it has an import of ExitWindowsEx but no cross-references. I would like to discover where the call is and what code surrounds it (in a DLL perhaps?).
Jeff Parker
A: 

I'm just throwing out some thoughts...

Maybe it puts an entry in this registry key before restarting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Also check out the value ShutdownFlags in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Stefan
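
One way to observe what the two answers point at, as an added example that is not part of either answer: this PowerShell script snapshots the pending-update list from the Windows Update Agent API together with the ShutdownFlags value and the RunOnce key, so a run taken before "Install Updates And Shut Down" can be compared with one taken after the next boot. The helper names and the output file location are assumptions made for the example.

```powershell
# Added example (not from the thread). Helper names and $OutFile are assumptions.
$OutFile = Join-Path $env:TEMP ("shutdown-snapshot-{0:yyyyMMdd-HHmmss}.json" -f (Get-Date))

function Get-RegistryValues {
    param([string]$Path, [string[]]$Names)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }   # key absent
    $key = Get-Item -LiteralPath $Path
    $out = [ordered]@{}
    foreach ($n in $key.GetValueNames()) {
        if ($Names -and ($Names -notcontains $n)) { continue }   # optional filter
        $label = if ($n) { $n } else { '(default)' }
        $out[$label] = $key.GetValue($n)
    }
    return $out
}

function Get-PendingUpdates {
    # Windows Update Agent API through its COM automation objects.
    try {
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
    } catch {
        Write-Warning "Update search failed: $($_.Exception.Message)"
        return
    }
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title          = $u.Title
            IsDownloaded   = $u.IsDownloaded
            # 0 = never reboots, 1 = always requires reboot, 2 = can request reboot
            RebootBehavior = $u.InstallationBehavior.RebootBehavior
        }
    }
}

$snapshot = [ordered]@{
    Taken          = (Get-Date).ToString('o')
    RebootRequired = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
    # Value and key named in the second answer; read as-is, no meaning assumed.
    Winlogon       = Get-RegistryValues 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' @('ShutdownFlags')
    RunOnce        = Get-RegistryValues 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    PendingUpdates = @(Get-PendingUpdates)
}

$snapshot | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $OutFile -Encoding UTF8
Write-Output "Snapshot written to $OutFile"
```

Comparing two snapshot files with Compare-Object (or any text diff) shows which of these values changed across the shutdown.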